CCSK Question #62: Real Exam Question with Answer & Explanation

The correct answer is E. Their own virtual instances in the cloud. In an IaaS model, the customer controls only their own virtual instances, making those the sole components the customer can independently investigate during a security incident.

Question

When investigating an incident in an Infrastructure as a Service (IaaS) environment, what can the user investigate on their own?

Options

  • A. The CSP server facility
  • B. The logs of all customers in a multi-tenant cloud
  • C. The network components controlled by the CSP
  • D. The CSP office spaces
  • E. Their own virtual instances in the cloud

Explanation

In an IaaS model, the customer controls only their own virtual instances, making those the sole components the customer can independently investigate during a security incident.

Common mistakes.

  • A. CSP server facilities are physical premises under the provider's exclusive control and are not accessible to individual customers for any investigation.
  • B. Logs of all customers in a multi-tenant cloud contain other tenants' confidential data, which the CSP is legally and contractually obligated to protect from disclosure.
  • C. Network components controlled by the CSP, such as physical switches and routers, fall within the provider's responsibility boundary and cannot be accessed by customers.
  • D. CSP office spaces are the provider's private property and are entirely outside the scope of any customer's incident investigation rights.

Concept tested. IaaS shared responsibility and incident investigation scope

Reference. https://csrc.nist.gov/publications/detail/sp/800-210/final
